How do I integrate Ianum with a SonicWall SMA?

03/26/2020 0 4720

DESCRIPTION:

RESOLUTION:

To complete the connection you need first to configure the connection with Ianum , configuring it as an Identity Provider. Next step, you need to configure connection with SonicWall, so that users allowed by Identity Provider are accepted by SonicWall system.

1. Ianum setup
   

   Navigate to the Ianum Developer area (https://id.ianum.com/ianum). If you need this for a personal account, go ahead. If you need for a company, create a company profile clicking on the top-right menu and selecting “Add new profile”.

   1. Create the Gate
      
      1. Create a gate by selecting the type “Identity Provider”
         
         
         
      2. Configure IdP
         In the Identity Provider tab you can find the parameters needed to configure the IdP on SonicWall side.
         
         
      3. Start creating groups for your users (from Group section) and Attributes you want to set for your users (from Attributes section).
         
         
         
         
         
      4. Add users to your IdP
         Go back in the Passwordless Auth service to add your users. To add a user you need to specify the email of that user so that he can receive the invitation into the Identity Provider. Then you can set his attributes and the groups he’s part of.
         
         
         
      5. Create SonicWall App
         You are now ready to create the Application to connect SonicWall. Go in the Identity Provider section and add a new App.
         
         
         
   2. You can put the information of the SonicWall Service Provider, as well as decide which groups are allowed to enter and mapping the attributes of the users for that Service Provider. Here you can also download the Certificate for your app.
      Mappers are needed cause if you have created an attribute of type ID, and the Service Provider has the same parameter called identificator you need to create a mapper to say that Identity Provider has to return the value ID but calling it identificator just for this App.
      
      
      Remember to tell your users to control their emails and accept the invitation. To do that, they have to download Ianum App from Play Store or App Store, and do the first login by clicking the link in the email received.
      
      
2. SonicWall Setup
   1. Define the SAML workplace Portal
      Login to the SMA device and click Workplace
      
      
      
      
      
   2. Add Ianum CA
      Ianum CA was saved before from Ianum Developer Area.
      
      
      Make sure it can be used to check signed SAML requests:
      
      
      
   3. Setup an IDP Authentication server
      
      
      Most of the fields come from Ianum Developer Area SSO page.
      The fields in Red come from Ianum Developer Area SSO page while the ones in green are related toyour specific setup.
      
      
      Name : logical name for the authentication server, any name meaningful to you
      Appliance ID : this is the FQDN used by Ianum to talk back to the SMA and transmit the SAML assertion, it must exist as a Workplace portal which is also selected below in green. MAKE SURE to use HTTPS and a / at the end of the URl
      
      
      
      
   4. Setup Tunnel Access
      
      
      Make sure an IP pool is assigned:
      
      
      An access rule must allow access to “Connect Tunnel” resource.
      
      
      
      
   5. Test the configuration
      Now it’s time to test the configuration. You can go to your service provider and click on Ianum-SAML login.
      
      
      You’ll be redirected to Ianum Identity Provider and you’ll see a page with a QR Code.
      
      
      Now you need to download the Ianum App from the App Store or the Google Play Store. Then you need to activate it inserting your phone number and insert the verification code received through an SMS. You’re ready to Scan the QR Code!
      After you scanned it, the first time you’ll be asked to enter a code (the code received through email) and it’s a code to match your Ianum Identity with the user allowed to access the Identity Provider.
      If the user has clicked the link in the invitation email sent when the user has been added to Identity Provider, the code won’t be asked.
      
      
      
      After you entered the code, you’ll complete the login procedure and you’ll be redirected to your Service Provider page. You’re successfully logged in.